Configuring Access Control

Create and develop relationships among roles, resources, and actions by editing the XML policy file.

Use the cluster manager to manage access control. The relationships between the roles and resources are maintained in a single XML policy file used by all cluster managers in a project. If the XML policy file is not defined, authorization is not restricted based on user roles and therefore, all authenticated users will have full access

The policy.xml file is loaded automatically when you start the cluster manager. Use the cluster admin tool to reload the policy file at runtime.

  1. Use any text editor to open the XML policy file.
  2. Add <Policies/> tags to hold all of the policies you create.
    You can include more than one policy within the <Policies/> tags.
  3. To start a new policy, add <Policy/> tags.
  4. Specify the Policy type as Project or Cluster.
    <Policy type="Project">
  5. To create a new role for the policy, add <Role/> tags within <Subjects/> tags.
    You can include more than one role in the <Subjects/> tags, however, all the resources and actions will be associated are roles contained in the <Subjects/> tags. For a role with different resources and actions, create a separate policy using the <Policy> tags.
  6. Add a group or role to the new role being created within the <Role/> tags.
  7. To associate resources with the role, specify each resource with <Resource/> tags, and enclose these in the <Resources/> tag.
  8. To associate actions with the resources, specify each action with <Action/> tags and enclose these in the <Actions/> tags.
This is a sample policy file. The investment role can read, write, start, and stop the two resources.
 <Policies>
  <Policy type= "Project">
        <Subjects>
           <Role>investment</Role>
        </Subjects>
        <Resources>
          <Resource>Default/PassThrough/vwapTrades</Resource>
          <Resource>Default/Pass1</Resource>
        </Resources>
        <Actions>
	      <Action>read</Action>
	      <Action>write</Action>
	      <Action>stop</Action>
	      <Action>start</Action>
        </Actions>
  </Policy> </Policies>
Parent topic: Access Control
Related tasks
Configuring the Server for Access Control